hxxp://zoho[.]com

Resubmissions

28/08/2023, 21:42

230828-1kpqtsbb6t 1

28/08/2023, 21:35

230828-1fh3gsbb2y 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://zoho.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377326267843664"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
4788	msedge.exe
4788	msedge.exe
1300	identity_helper.exe
1300	identity_helper.exe
2660	chrome.exe
2660	chrome.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 1908	4788	msedge.exe	80
PID 4788 wrote to memory of 1908	4788	msedge.exe	80
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3676	4788	msedge.exe	81
PID 4788 wrote to memory of 3696	4788	msedge.exe	82
PID 4788 wrote to memory of 3696	4788	msedge.exe	82
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83
PID 4788 wrote to memory of 3144	4788	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zoho.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa02546f8,0x7fffa0254708,0x7fffa0254718
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11116229262687635011,9765924798281067442,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x134,0x138,0x13c,0x104,0x140,0x7fff8e099758,0x7fff8e099768,0x7fff8e099778
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5956
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6fdc17688,0x7ff6fdc17698,0x7ff6fdc176a8
    3⤵
    PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4380 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,426178889534668687,1818756953670317606,131072 /prefetch:1
  2⤵
  PID:5492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
107KB

MD5
a2e5d95b589026c2e84ce6c4737cc70a

SHA1
0b76307b5801a3dce0d2ec683f1abc72dadb3ab4

SHA256
cc8c9ac3b0ce2d42de0d58b5ffb6869793fbeac46e759aa873019246f1eda345

SHA512
592e4f72e9cf9e27644cd4e47c5b9fb46f93e03e766fcca0fcc75f3095ff7be2f4788cc93bb79c8810c1d977faa9c8c92b7c7e4546318e0f0b08b63a4edc6fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
99cc4315f2b1e2732944580eef9b7b56

SHA1
315454cef442e4a06931ba23d555155d46725204

SHA256
25b3a6fc85cc06655dfa734269779d15b3b7ad9d62bfeae8b1304176c0c91d2a

SHA512
51225cc40b8109ed884d45ccca4b104bb35725179fc3189334ec8e7b9994995d4afe8b5615ba0a5d6bd1e5634ecb01a899b9020b32d492b7bc6d3bc1bf27159c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f2b8e6658d1dc5a93edfdc40795e44d

SHA1
0e63f59850b0e8d91e14325eadb3e4405f9e22ae

SHA256
61ea8701efdd6eba2e6d9ed9cb2f4b374e07919ac6f0327bc36199f8f44f3a95

SHA512
02aa2b4b08a6d2d9b9c29111631ef343f940c467693802930d1448db38519baef2a62c0edce66c4d855075eb2528939856d3bf7a598ddc107b0912864bada8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3d07063c6a6d8b659c14b2c9ea052f54

SHA1
2b35269aa312c5983a5d7dfaa6e566e8882d9366

SHA256
489b72f019d94ab05ef7a7e272815f73a8bde4c49c482bd8cc7f8a3ff657a306

SHA512
49d559f605902f003e52feae411e79c5059dcc433cd2ac9ef826d8ec051682e3f2ba68bcc36a5f97c8a15a731226381c29d6ddb7f26c3f55515cf852a5890219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
361793895806929cedd46f75465c5d43

SHA1
1705f2242ea0da1d6e71d7e909491a56f872b9c6

SHA256
7d73419a2f89da75540027304e4a780480242ffb8517d15ae4f4aede929406cc

SHA512
c6f7e73de8f74effc04729cc7c0bc65cb3c4b9957a069df5f52af9fb1d9c2e770dd1b92ac5fcdc8d07896f8b6c4bb9a6e6e14f541fd4ac8a80249980a1c73202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e9601c617b3bf34d90428c79e3efc1d

SHA1
28eb33e86a2cd9d6fd4afe0093ba144275b34ca3

SHA256
3c8cf3d4f7b3c767e1d1e0a9ee4340f4598bd9282174ecf0d526d5dc40e620b5

SHA512
ead87ea2531495941985578cbaff6b6eb1f572606e5edcdf697057692a344aab8318fb5cc7296979fb84723729ac9ef3d2fba358cb07a9021890d7c23203c292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1aaf1a14148d6b8bb709de852ab2efae

SHA1
18699760bdc50b9b1afd976b8c9b476187a6442a

SHA256
0910b51961e31c776bb741763098b39f105fa6bbd602417bbfc46fecd002eefc

SHA512
b1f28416478b9853986abcb88b9f7b581d6171dcd4eb7785f7c0b654f39951652f1faad5334b6e567cb663d757c0e834a068044be69dbd93f6cbf5917bc52356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8d297f63d0e4d3dd002864359705b103

SHA1
e835497308bec6bfaf17046fbaf4d3c338282704

SHA256
d1d617758a9cda03f7bbd056987779213927e9bb5b2367728de120fc818edd16

SHA512
5725a60fbc748de723f5c60b042d3f1956e33d6a252edae9df3d67d6d4376fb7c23d5e7458ba792ae1502508af1651eeed408915fbb4c8cce9b277324c1ccb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
432117dd2d21621ddd77288a6dd2863d

SHA1
f7e57e1760bd215cbbc1c2f402cbed5ec3bfd948

SHA256
eedbe9777590bbe1aa9af5e758f36287a2921d147de61e556812e675467065b8

SHA512
9eddb5b65e5bc0d169beb6819a3a1ced3e173476337e97850756569809b1cfac7d007baba931c2d57f07e4223f8a70db005afb2affc82ecc57d84a8356a502b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
7637fd2d523fcef2bf34c16d5254e0a7

SHA1
74f3fbaad8e94795bb7c2fd3c99f6ab87b0f5816

SHA256
7ffc89ddd048b26353c69ec2f0e7e881ebf53f06d52bb3785a9915cfef7b71b6

SHA512
375162a12e1cfae2883caac0c91e76c660bda1bf6d32a75e00deca57c7d3104d3b17f8dbe0e1d75b6ca5e1bdef4346104690d6d4bdcf60d96381431b0f7a5b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
592B

MD5
5b33d3ab25358c6ff3fddf28582c305e

SHA1
c34a2c022b9f2ca574ff5c66b0d00e7def3cb44b

SHA256
a10a55aa2f1090fc3f7909700dd487cff97eb49c77f9059a9761dff276724ece

SHA512
9e52136a653ca2a6acc97e80c7bed8eb3a8fa3916feea665d5b18247342097be9f0969adcbfbb88a0c0b59994159305b495e2eff6d7a05c6cc3a46c066a841b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5cd659ac3c3575023942f663094068d

SHA1
df7401b993eb26152eacc9d6c89d9998ea28db33

SHA256
0e543de757d6434c7c3b6e4907f7f3140b1ea88c65aaee0ac43cefbb255bd526

SHA512
888b108ea64417e7e82d542878f6f7c559c1bf8067550eb46c8295dfb0c29fc61acd92057acaec1175ff50015503a4488147d1d596b4ce63ebff9b97f38619a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa46498ef750d31a09260be3bd3256a2

SHA1
bc14d7e66fb7e9108f2446d6fd704befaf9eef2f

SHA256
e4db7e4edb0eb675756c9ed14fe1af3dc343e31f7a3487f23ae2a23227f4368f

SHA512
85a3e65a68d64336c11837916cdd3b7a8d6737fb6bd73180292461f10435dd67aa07e41947e6d2803a80371af3c1d0837c1031528f6bf12088b2f08856e37fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4959a5c2f51c674eb2c4b92c1a8d0eb

SHA1
12d84712d93017547d4c58430869cde196e77c73

SHA256
a3e124fa5c285e4f33ce64e193af7ddb002eaf813aadb2a6dd5df20e0e17d973

SHA512
8d52290ab7b4eadf7305952ae8b7f28bdf5973d3560b7da79e9591a350be8556c8b7efe7cc7506d92906d1dc4fafa9e8e27d5baff240378563d78d83ac4af076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6cd920a168cd8a29a1d27e1e81337f90

SHA1
be27b226b99867c0840d95b07cbc5bc714d12ec0

SHA256
21715a6d4e45d42330b2b134f3de001fa0c1d824a706a4a96bc6b5eae031fba2

SHA512
07c52921c64702f5dee20f48b1123ba91a17606686733a8484f60bc2d92ee8f113d6522f97bd98bb4fe4ff29ad23b5234cc8ad94a02283b280e28bf3f5331896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a361f494118273364740d394f8545d28

SHA1
052fed03e1f79a15cfd363ece9a03c350e7b1377

SHA256
f9f8967dbf807946483d5cda98fc2f62eb89251346fb9f0ef99ca4179cda478f

SHA512
6fe6c2caadce192387adafe131c61bf61a967ac393e1a814d73b04b45a9bdef102995a23dc40161ec3c2b81bd798ce59eb05dda8414d9149fabe55a9d40d59be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
37ec82cf090a35f87369b4485ff7a7d6

SHA1
51d38c114d55e4b418d2a5e034266f61cd5c9357

SHA256
7787cdece6a9c106fe88a4970d01a4bf052e873d6deb993c83083f6d0867570f

SHA512
99b0a656637df0e459b47c00148dd2ee17f198ae4341a9c3201ccf8d121aadd68d620fdac65d85325294fc92be5baf8651c321fce655fdbb20ea4ba1f418ff73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
effc2a2f6112c045d0b2d66a2adf0d52

SHA1
51008023d5d43832eb7621991324e9d0d599f054

SHA256
c1e40c9a6e7ccb4e2ba6c213d40b6bc6e91649cebde405e97285dc704b8ebfd8

SHA512
94c34788d05b4c6cebdc09a74426202a3e66ccaeae73835a319063191ee84c7bba4fd2d82e95436bdc71107f623835b29796dbd087b38350b1a7f8bd27f0a629

Download Submit